Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2019-07-30 CVE-2019-4456 XXE vulnerability in IBM Daeja Viewone
IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2019-07-30 CVE-2019-4062 XXE vulnerability in IBM I2 Intelligent Analysis Platform
IBM i2 Intelligent Analysis Platform 9.0.0 through 9.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2019-07-25 CVE-2019-4415 Unspecified vulnerability in IBM Cloud Private 3.1.1/3.1.2
IBM Cloud Private 3.1.1 and 3.1.2 could allow a local user to obtain elevated privileges due to improper security context constraints.
local
low complexity
ibm
7.8
2019-07-25 CVE-2019-4212 Cross-Site Request Forgery (CSRF) vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2019-07-22 CVE-2019-4267 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Spectrum Protect
The IBM Spectrum Protect 7.1 and 8.1 Backup-Archive Client is vulnerable to a buffer overflow.
local
low complexity
ibm CWE-119
7.8
2019-07-22 CVE-2018-2024 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Qradar Security Information and Event Manager 7.2.0/7.3.0
IBM QRadar SIEM 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
network
low complexity
ibm CWE-732
8.1
2019-07-17 CVE-2019-4430 Path Traversal vulnerability in IBM Maximo Asset Management 7.6
IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
7.5
2019-07-11 CVE-2019-4193 Information Exposure vulnerability in IBM Jazz for Service Management
IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive information in URL parameters.
network
low complexity
ibm CWE-200
7.5
2019-07-02 CVE-2019-4292 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security Guardium 10.5
IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable web server.
network
low complexity
ibm CWE-434
8.8
2019-07-02 CVE-2019-4140 Information Exposure vulnerability in IBM Spectrum Protect
IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) could allow a local user to replace existing databases by restoring old data.
local
low complexity
ibm CWE-200
7.1